1
   

Virus vectors?

 
 
Reply Fri 12 Nov, 2010 05:52 am
I've recently had to help a friend recover data files from a Windows XP installation which was damaged beyond repair by a rogue antivirus thing called "System Tools 2011", and this is a friend who simply does not do any of the things I normally associate with people getting computer viruses. I mean, we're really at a loss as to how this one could have happened.

Does anybody have any sort of a list of the ways these things are spread?

Also I'm curious as to the following scenario: You get repeated extraneous emails which look like normal advertising with a link at the bottom saying "Click here to be removed from our mailing list." or some such. Could THAT be a virus vector??
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Question • Score: 1 • Views: 1,483 • Replies: 14
No top replies

 
rosborne979
 
  1  
Reply Fri 12 Nov, 2010 06:44 am
@gungasnake,
Yes, that's definitely a vector.
Setanta
 
  1  
Reply Fri 12 Nov, 2010 07:44 am
It is the usual method for establishing that the e-mail is a currently valid address, and the scammer will then be able to sell the address.
gungasnake
 
  1  
Reply Fri 12 Nov, 2010 10:05 am
@rosborne979,
More than a little bit interesting if true... Have you ever actually heard of somebody getting a computer virus that way??
Setanta
 
  1  
Reply Fri 12 Nov, 2010 12:17 pm
Roswell, quote my previous post so that Gunga can read it--this has nothing to do with a computer virus. It is a scam, though.
gungasnake
 
  1  
Reply Fri 12 Nov, 2010 01:39 pm
@Setanta,
I'm using the term virus loosely here. System Tools 2011 does a pretty good impression of a major virus attack and it progressively takes over and shuts down the system, while actively preventing the installation or use of products which might get rid of it.
DrewDad
 
  1  
Reply Fri 12 Nov, 2010 01:46 pm
@gungasnake,
One of the more recent virus vectors, especially for the extortion-ware stuff like System Tools 2011, is advertising banners. I've seen several folks get burned this way.

You have to keep your flash player and java installation patched. There are also exploits for older versions of Adobe Reader. Opening a PDF file isn't automatically safe, anymore.
DrewDad
 
  1  
Reply Fri 12 Nov, 2010 01:48 pm
@DrewDad,
Even better than keeping Java, Flash, etc. patched is to either run your browser in a virtual machine, or to use Sandboxie.
0 Replies
 
roger
 
  1  
Reply Fri 12 Nov, 2010 02:19 pm
@DrewDad,
PDF files, too? But, they are mostly published by trusted sites.
rosborne979
 
  1  
Reply Fri 12 Nov, 2010 03:06 pm
@gungasnake,
gungasnake wrote:
More than a little bit interesting if true... Have you ever actually heard of somebody getting a computer virus that way??

"System Tools 2011" and a few variants are know viruses. I've seen them myself on some of the customer systems that I maintain.

Viruses or Worms or whatever you want to call them are just bits of code which have been executed by the computer system. It's fairly common for bits of code such as this to be Emailed to people as attachments (which they then run), or Emailed to people as Links which they click on. Many web browsers are configured to download and execute code when they link to them. The code can be wrapped in many layers and take different forms, Flash, asp, etc, but the salient result is that they are executed on the target system. Once the code has been executed by a user of sufficient privilege the virus can embed itself anywhere in the system. MSWindows is particularly bad about this because the registry allows even users with normal permissions to make system level changes. Unix Systems are much more robust because they don't have a registry and because system level code is protected from normal users through permissions settings.

Does that answer your question?
rosborne979
 
  1  
Reply Fri 12 Nov, 2010 03:11 pm
@Setanta,
Setanta wrote:
It is the usual method for establishing that the e-mail is a currently valid address, and the scammer will then be able to sell the address.

This is also correct. Many many links which say "remove me from your list" are simply tools used by the scammer to collect "active" Email addresses (because if you press the "remove me" button, then you are probably a real live human being, and that's what scammers really want).

In general we tell users not to click on links that are embedded in their Emails. But the other thing you can do if you're curious (and careful) is to right-click the link and look at the target without actually opening it. Many links in Email are forged, so even though they say, "irs.gov", if you actually look at the target you will see that it goes to some type of shady multi layered marketing domain.
0 Replies
 
DrewDad
 
  1  
Reply Fri 12 Nov, 2010 03:12 pm
@roger,
roger wrote:

PDF files, too? But, they are mostly published by trusted sites.

It's easy to generate a PDF. I can do it locally on my laptop (and frequently do so).
0 Replies
 
rosborne979
 
  1  
Reply Fri 12 Nov, 2010 03:15 pm
@gungasnake,
gungasnake wrote:

I'm using the term virus loosely here. System Tools 2011 does a pretty good impression of a major virus attack and it progressively takes over and shuts down the system, while actively preventing the installation or use of products which might get rid of it.

System Tools 2011 is a nasty one. Once it's in there it's virtually impossible to remove without booting the system onto a clean image and then running some removal tools.

I usually reboot the system onto a thumb drive and run one of the Linux tools on the system to clean it out.
DrewDad
 
  1  
Reply Fri 12 Nov, 2010 03:16 pm
@rosborne979,
rosborne979 wrote:
System Tools 2011 is a nasty one. Once it's in there it's virtually impossible to remove without booting the system onto a clean image and then running some removal tools.

Yup. Even after it's off, you have to repair the TCP/IP stack.
0 Replies
 
gungasnake
 
  1  
Reply Fri 12 Nov, 2010 08:29 pm
@rosborne979,
Thanks, several useful pieces of information here.
0 Replies
 
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Virus vectors?
Copyright © 2019 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 05/23/2019 at 03:50:04